The LockLock Ransomware is based on the EDA-2 open-source ransomware project. The project was released at the beginning of 2016 for educational purposes, to make people more familiar with ransomware. Since then, however, it has been used multiple times to create fully functional and threatening ransomware that infects computers, encrypts the data stored on them, and then requests a ransom fee in exchange for decryption instructions. Malware researchers have identified a new EDA-2 variant and labeled it the LockLock Ransomware after the file extension it uses to mark encrypted files, ‘.the LockLock’. This new ransomware doesn’t boast any unique features that would set it apart from other EDA-2 variants released in the wild. One of its more unusual peculiarities is the contact information that the attackers have published in their ransom note. While con artists may rely on tools like BitMessage and temporary e-mail addresses for their communication needs, the authors of the LockLock Ransomware use an AOL e-mail and a Skype address to communicate with their victims. According to the ransom note, victims of the LockLock Ransomware must add ‘the LockLockrs’ to their Skype contacts or write an e-mail to [email protected]. The ransom note does not mention a ransom fee, nor does it give the victim any guarantee that they’ll get their files back when they fulfill the requests of the attackers.
The LockLock Ransomware can encrypt over fifty types of files stored on the local hard drive. When the encryption task is finished, the ransomware may change the user’s desktop wallpaper to a dark image that contains a copy of the ransom note. Also, victims of the LockLock Ransomware will find a file called ‘READ_ME.txt’ on their desktops. This document contains a copy of the ransom note found in the wallpaper.
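To scope an infection, a responder can inventory the artifacts described above: files carrying the marker extension and the ‘READ_ME.txt’ note. The script below is an added example, not part of the original write-up; the function names `triage` and `demo`, the placeholder marker extension and the sample tree are constructed, and it assumes the marker is appended to the original file name.

```python
import os
import tempfile

NOTE_NAME = "read_me.txt"  # ransom note name from this page, lower-cased for matching


def triage(root, marker_ext):
    """Summarise files under root that carry marker_ext, plus any ransom notes."""
    marker_ext = marker_ext.lower()
    encrypted, notes, by_type, mtimes = [], [], {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(rel)
            elif lower.endswith(marker_ext) and len(lower) > len(marker_ext):
                encrypted.append(rel)
                mtimes.append(os.path.getmtime(full))
                # Assumption: the marker is appended, so the original type
                # is the extension left after stripping it.
                inner = os.path.splitext(lower[: -len(marker_ext)])[1] or "(none)"
                by_type[inner] = by_type.get(inner, 0) + 1
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "by_original_type": by_type,
        # Modification-time window approximates when encryption ran.
        "window": (min(mtimes), max(mtimes)) if mtimes else None,
    }


def demo():
    """Run triage over a constructed sample tree (no real malware artifacts)."""
    marker = ".marker-placeholder"  # constructed; use the extension seen on the host
    with tempfile.TemporaryDirectory() as root:
        for sub, name in [("Desktop", "READ_ME.txt"),
                          ("Documents", "budget.xlsx" + marker),
                          ("Documents", "photo.JPG" + marker),
                          ("Documents", "untouched.pdf")]:
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            open(os.path.join(root, sub, name), "w").close()
        return triage(root, marker)


if __name__ == "__main__":
    print(demo())
```

The per-type counts show which data was hit, and the modification-time window helps pick a backup taken before the encryption ran.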
EDA-2-based ransomware has been successfully decrypted in the past, so it may be just a matter of time before malware experts manage to crack the LockLock Ransomware’s encryption. Keep in mind that decrypting the files does not remove the ransomware itself, so you should use an anti-malware utility to take care of that task.